A few counterarguments on #LocalMess (#Facebook #Instagram #Yandex #LocalhostTracking), why this would make #Android worse than #iOS:
This vuln seems to only have existed on Android, but not everyone would need to be affected by it.
I see #GrapheneOS as a perfected form of the Android idea (stripping the #Advertizing and Tracking from it, and adding needed permissions).
1/8
I really enjoyed @gabestein's blog post on the latest #meta security scandal: #localmess
https://buttondown.com/gabestein/archive/you-simply-cannot-trust-these-people/
Wenn ihr so etwas wie Instagram oder Facebook auf dem Handy nutzt, dann verwendet bitte _niemals_ die Apps. Installiert euch Fennec mit uBlock Origin. Wie das geht habe ich hier erklärt:
https://www.youtube.com/watch?v=a5-qV6OUV_o
https://www.spacefun.ch/linux-videos#android1
#Passwort - der Podcast von #heise #security: Lokale Sauereien von #Meta und #Yandex
#Browser #Facebook
#WhatsApp #DSGVO
Meta und Yandex sind bei #Trackingmethoden erwischt worden, die weit über das Übliche hinausgehen. Christopher und Sylvester sehen sich die Publikation "
#LocalMess" an. Darin dokumentieren Forscher #Tracking-Tricks dieser Firmen, die den Nutzerwünschen explizit zuwiderlaufen, Securitymaßnahmen untergraben und #Kommunikation verschleiern.
Die Hosts haben Mühe, noch einen Unterschied zum Vorgehen typischer #Malware zu sehen.
Webseite der Episode:
https://passwort.podigee.io/34-lokale-sauereien-von-meta-und-yandex
Mediendatei:
https://audio.podigee-cdn.net/1973369-m-54944d53cac54770deb6feecac8ac80e.mp3?source=feed
echt guter Podcast zum Thema #LocalMess von @heisec , wie #Meta und Yandex mit ihren Apps als Schadsoftware agiert haben.
Die Apps #Facebook & #Instagram & #Yandex haben Schutzmaßnahmen des Betriebssystems umgangen, also von #Android. So konnten alle Aktivitäten im Browser getrackt werden, solange das passende Trackingscript auf der Website ausgespielt wird.
Apps deaktivieren / Werbeblocker installieren.
https://passwort.podigee.io/34-lokale-sauereien-von-meta-und-yandex
Companies are pushing non-stop for users to move from web apps to phone apps. They justify the push saying phone apps are more secure. But that's a blatant lie. They want you to move to phone apps so they have a lot more control over you, and can drain a lot more information about you. The recent #LocalMess misbehavior from #Meta is just one more example showing this: if you install their app, the OS will allow them doing many things the web browser won't. https://localmess.github.io/
#Meta #Facebook and #Yandex are always looking for new ways to spy on you and track you. #LocalMess is the latest in a long line of abusive methods to gather your private data. Having their mobile app installed gives them super powers. Uninstall it. If you must use these services, do not use their app, keep it in the browser, or even better, use a wrapper app, like
* https://f-droid.org/packages/it.rignanese.leo.slimfacebook/
* https://f-droid.org/packages/us.spotco.maps/
Here is a nice technical write up:
https://localmess.github.io/
"Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users' visiting sites embedding their scripts."
#Meta caught breaking #Android's #sandbox by monitoring #webbrowsing through its #apps
"A Google representative told Ars Technica that 'the behavior violates the terms of service" for the #GooglePlay marketplace'".
OK, delete them right now from the #PlayStore then! 
In which #Facebook / #Meta does more evil things 
:
“Disclosure: Covert Web-To-App Tracking Via Localhost On Android”, Local Mess (https://localmess.github.io/).
#Zuckerberg’s privacy pledge revealed as ineffectual
Millions of websites are leaking your private information to #Meta, the parent company of #Facebook, #Instagram, etc. By hacking #Android browser features in ways that were never intended, Meta is tracking you all the way around the web—with no disclosure nor oversight.
Incognito mode doesn’t stop it; neither does blocking 3rd-party cookies. Russian social giant #Yandex is doing it too.
As soon as researchers disclosed the #LocalMess problem, Meta stopped it—for now. In #SBBlogwatch, we go live in a cave.
Year after year. This company is bad to the bone, ethically bankrupt and eaten by greed.
This is evil by design: https://localmess.github.io/ #meta #localmess
From: @cduvenhorst
https://mastodon.social/@cduvenhorst/111475752144823608
#Meta is seriously concerning 
Their apps open local ports on #Android, while their #tracking pixels, embedded in thousands of websites, connect to these ports and gather information about users. This effectively bypasses #privacy measures such as private browsing or clearing cookies, making users personally identifiable on websites that use those pixels.
Although it appears they have stopped this technique after it was uncovered, it still reveals Meta's true intentions, imho.
"We found that native #Android apps—including #Facebook, #Instagram, and several #Yandex apps including Maps and Browser—silently listen on fixed local ports for tracking purposes." #localmess https://localmess.github.io/
La pillada que le acaban de hacer a Meta espiando y desanonimizando a usuarios de Android es tremenda. Ojalá se lleven una multa descomunal, pero dudo que eso pase o si pasa dudo que valga para cambiar nada. Poca opción nos queda como usuarios más allá de dejar de usar aplicaciones de este tipo de empresas y bloquear todos los trackers que podamos en las webs que visitemos.
